mrally2 (Cheater, Reputation: 0; Joined: 01 Apr 2020; Posts: 43)
Posted: Tue Sep 21, 2021 8:51 am    Post subject: Lua script not working properly inside trainer
I have this function in my lua script:
Code:
    function topcCheck()
      if readPointer("[cshook]") ~= nil then
        if readInteger(readInteger("[cshook]")+0xD7) == 878670437 and --er_4
           readInteger("[cshook]+0xB4") == 845099568 then --02_2
          autoAssemble([[
            0121D23B:
            nop
            nop
            nop
          ]])
        else
          autoAssemble([[
            0121D23B:
            cmp [esi],dx
          ]])
        end
      end
    end
It seems that the ASM parts get skipped somehow cause it works fine in the CT (everything gets enabled without errors). I experience the same behavior when using memoryrecord_freeze on a separate script that does the same thing.
Dark Byte (Site Admin, Reputation: 458; Joined: 09 May 2003; Posts: 25287; Location: The Netherlands)
Posted: Tue Sep 21, 2021 11:57 am    Post subject:
is cshook valid at the time your script runs?
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
mrally2 (Cheater, Reputation: 0; Joined: 01 Apr 2020; Posts: 43)
Posted: Tue Sep 21, 2021 5:57 pm    Post subject:
Dark Byte wrote: "is cshook valid at the time your script runs?"

I run a timer on the function so it's checking the pointer constantly. But as I said, enabling the script in the CT works fine.
ParkourPenguin (I post too much, Reputation: 140; Joined: 06 Jul 2014; Posts: 4289)
Posted: Tue Sep 21, 2021 10:49 pm    Post subject:
What does the script in the CT look like? (the one that works fine)
Put some print statements in the code to see what's going on. e.g. is readPointer("[cshook]") always nil? Does the condition of the second if statement always evaluate to false?
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dark Byte (Site Admin, Reputation: 458; Joined: 09 May 2003; Posts: 25287; Location: The Netherlands)
Posted: Wed Sep 22, 2021 1:54 am    Post subject:
perhaps you do the hook code too early before the game is fully loaded
mrally2 (Cheater, Reputation: 0; Joined: 01 Apr 2020; Posts: 43)
Posted: Wed Sep 22, 2021 12:30 pm    Post subject:
ParkourPenguin wrote: "What does the script in the CT look like? (the one that works fine)
Put some print statements in the code to see what's going on. e.g. is readPointer("[cshook]") always nil? Does the condition of the second if statement always evaluate to false?"

So, this is what the ASM script looks like:
Code:
    [ENABLE]
    alloc(newmem,2048)
    alloc(cshook,$500)
    registersymbol(cshook)
    label(returnhere)
    label(originalcode)
    label(exit)

    newmem: //this is allocated memory, you have read,write,execute access
      push ebx
      lea ebx,[esi+48]
      mov [cshook],ebx
      pop ebx
      jmp originalcode

    originalcode:
      mov ecx,[esi+48]
      push 00

    exit:
      jmp returnhere

    "Need for Speed The Run.exe"+48D46C:
      jmp newmem
    returnhere:

    [DISABLE]
    dealloc(*)
    unregistersymbol(*)
    "Need for Speed The Run.exe"+48D46C:
      mov ecx,[esi+48]
      push 00
And this is what the entire Lua script from earlier looks like:
Code:
    {$lua}
    getLuaEngine().cbShowOnPrint.Checked=false
    getLuaEngine().hide()

    [ENABLE]
    print "TOP Check Enabled"
    function topcCheck()
      if readPointer("[cshook]") ~= nil then
        if readInteger(readInteger("[cshook]")+0xD7) == 878670437 and --er_4
           readInteger("[cshook]+0xB4") == 845099568 then --02_2
          autoAssemble([[
            0121D23B:
            nop
            nop
            nop
          ]])
        else
          autoAssemble([[
            0121D23B:
            cmp [esi],dx
          ]])
        end
      end
    end
    topc = createTimer(nil)
    timer_onTimer(topc,topcCheck)
    timer_setInterval(topc, 100)
    timer_setEnabled(topc, true)

    [DISABLE]
    timer_setEnabled(topc, false)
    print "TOP Check Disabled"
To test this properly I decided to put some showMessage calls in the form script, deleting the Lua script from above entirely and moving it there:
Code:
    function attach()
      GameID = getProcessIDFromProcessName("Need For Speed The Run.exe")
      if GameID ~= getOpenedProcessID() and GameID ~= nil then
        openProcess("Need For Speed The Run.exe")
      end
    end
    t = createTimer(nil, false)
    timer_onTimer(t, attach)
    timer_setInterval(t, 500)
    timer_setEnabled(t, true)

    --///////////////// DEBUG ADDITION //////////////////////
    function topcCheck()
      if readPointer("[cshook]") ~= nil then
        if readInteger(readInteger("[cshook]")+0xD7) == 878670437 and --er_4
           readInteger("[cshook]+0xB4") == 845099568 then --02_2
          showMessage("cshook is NOT NULL & the statement IS TRUE")
          autoAssemble([[
            0121D23B:
            nop
            nop
            nop
          ]])
        else
          showMessage("cshook is NOT NULL & the statement IS FALSE")
          autoAssemble([[
            0121D23B:
            cmp [esi],dx
          ]])
        end
      else
        showMessage("cshook IS NULL")
      end
    end
    topc = createTimer(nil)
    timer_onTimer(topc,topcCheck)
    timer_setInterval(topc, 1000)
    timer_setEnabled(topc, true)
So, indeed cshook is NULL from the start until I enable the scripts with the hotkey I assigned. After hitting the key to enable them and loading the game event, it shows up, as you guessed, as "cshook is NOT NULL & the statement IS FALSE", which is not possible since enabling the scripts the same way but in the raw CT works all fine. To make things more clear, this script is used to bypass a crash.

Dark Byte wrote: "perhaps you do the hook code too early before the game is fully loaded"

I don't believe this is the case, since when enabling the scripts at the same spot (when the intro videos are showing up), the raw CT works fine every time but the trainer doesn't.
mrally2 (Cheater, Reputation: 0; Joined: 01 Apr 2020; Posts: 43)
Posted: Sat Sep 25, 2021 4:56 pm    Post subject:
It seems that CE cannot inject the bytes in the static (protected) memory region even though the trainer is executed with admin rights by default. Any ideas on how to fix this?
Birdi (Expert Cheater, Reputation: 0; Joined: 08 Jun 2020; Posts: 122; Location: Migrating)
Posted: Sat Sep 25, 2021 7:12 pm    Post subject:
Try using the FullAccess() function.
_________________
Trying to learn!
Add me on Discord if you want hands-on help: Birdi#0007
mrally2 (Cheater, Reputation: 0; Joined: 01 Apr 2020; Posts: 43)
Posted: Sun Sep 26, 2021 5:49 am    Post subject:
Birdi wrote: "Try using the FullAccess() function."

I've set fullAccess(0x0121D23B,0x4) right before the topcCheck function but it doesn't seem to do anything. Then I found this browsing the forum:
Code:
    dbk_initialize()
    dbk_useKernelmodeOpenProcess()
    dbk_useKernelmodeProcessMemoryAccess()
    if getOpenedProcessID()~=0 then
      openProcess(getOpenedProcessID())
    end
    dbk_writesIgnoreWriteProtection(true)
Setting this inside the form script, the debugger gets enabled, but moments after a BSOD appears.
Dark Byte (Site Admin, Reputation: 458; Joined: 09 May 2003; Posts: 25287; Location: The Netherlands)
Posted: Sun Sep 26, 2021 7:46 am    Post subject:
after the process has been opened start a 10 second timer
then open the process with ce (again)
mrally2 (Cheater, Reputation: 0; Joined: 01 Apr 2020; Posts: 43)
Posted: Sun Sep 26, 2021 12:10 pm    Post subject:
Dark Byte wrote: "after the process has been opened start a 10 second timer
then open the process with ce (again)"

I'd like a solution that doesn't require the user to have CE installed on their end. I'm doing all of this in a custom compiled 7.3 version.
Dark Byte (Site Admin, Reputation: 458; Joined: 09 May 2003; Posts: 25287; Location: The Netherlands)
Posted: Sun Sep 26, 2021 1:40 pm    Post subject:
then automate the waiting, with something like a timer
mrally2 (Cheater, Reputation: 0; Joined: 01 Apr 2020; Posts: 43)
Posted: Wed Sep 29, 2021 9:13 am    Post subject:
Dark Byte wrote: "then automate the waiting, with something like a timer"

I modified the attach function to do that:
Code:
    function attach()
      GameID = getProcessIDFromProcessName("Need For Speed The Run.exe")
      if GameID ~= getOpenedProcessID() and GameID ~= nil then
        openProcess("Need For Speed The Run.exe")
        sleep(10)
        openProcess("Need For Speed The Run.exe")
        timer_setEnabled(t, false)
      end
    end
Has the exact same result. It doesn't change the opcode at the address, but the rest of the scripts in the trainer work fine (I have other ASM scripts in the trainer and those work fine). Again, not sure why it doesn't change that specific opcode, whether using ASM or Lua.
Dark Byte (Site Admin, Reputation: 458; Joined: 09 May 2003; Posts: 25287; Location: The Netherlands)
Posted: Wed Sep 29, 2021 9:30 am    Post subject:
try sleep(10000) instead for 10 seconds
mrally2 (Cheater, Reputation: 0; Joined: 01 Apr 2020; Posts: 43)
Posted: Wed Sep 29, 2021 3:44 pm    Post subject:
Dark Byte wrote: "try sleep(10000) instead for 10 seconds"

Same behaviour.
EDIT: cshook doesn't have the correct address when it is being enabled within the trainer, therefore the fault is in the ASM script and not Lua.